2 min read

1Password opens Claude access without exposing passwords

1Password’s new Agentic Mode lets Claude log into sites with user approval while keeping passwords and MFA codes out of the model.

Image: ZDNET

Elyse Betters Picaro/ZDNET
Elyse Betters Picaro/ZDNET

1Password has launched Agentic Mode, a new feature that lets Claude access protected accounts without ever seeing the underlying credentials. According to the company, passwords and MFA one-time codes are injected directly into the login page through a secure channel, outside the model’s view, so they never reach Claude’s context or Anthropic’s systems.

The workflow is built around explicit user approval. When Claude needs access to a service, it requests credentials through 1Password, which then presents an authorization sheet for the user to approve with biometric verification, a password, or Touch ID. YubiKey support exists more broadly in 1Password, but the company said it is not yet available for this application, though it is planned.

1Password says the access is per session and scoped to a specific task, with no standing permission that carries over. If Claude needs to return to a service such as Stripe, it must ask again and the user must approve again. The company also said Claude will not revisit a site on its own; it would only return with clear user instructions.

There is one practical caveat. As described to ZDNET, reauthentication depends on the user or agent logging out at the end of the task. If a site keeps a browser session alive through cookies or similar mechanisms, that session could persist the same way it would in a normal browser.

Recommended reading

Zoom fixes critical bug with remote account takeover risk

Availability and rollout

According to 1Password, Agentic Mode is available to all 1Password users as of today. Credential controls are included at launch, while support for payment cards and identity details will come later. The feature activates automatically when a recognized AI agent takes control of the browser, and users can see when it is active in the 1Password browser extension and cancel it at any time.

The rollout starts with Claude, but 1Password says the framework is meant to expand to other browser-based agents and platforms as that ecosystem grows.

ZDNET notes that Robert Downey Jr. and Ryan Reynolds are investors in 1Password.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via ZDNET

// Keep reading